[Zope] set permission depending on domain

Sidnei da Silva sidnei@x3ng.com.br
Thu, 28 Feb 2002 15:03:06 -0300


There is something called precommand on files. Maybe you should try it.

Regards,

On Thu 28 Feb 2002 14:25, Marcus Bergmann wrote:
> Joel Burton wrote:
> > On Thu, 28 Feb 2002, Marcus Bergmann wrote:
> > > Hello,
> > >
> > > is it possible to set permissions, e.g. 'view', depending on the
> > > surfer's domain? I need to protect files and folders from viewing by
> > > surfers outside our domains. I don't want a login screen!
> >
> > Haven't tried this, but would it work to:
> >
> > in outer folder, create user "bob" with low privileges (ie can't view
> > documents in question)
> >
> > in inner folder, create user "bob" with same password and higher
> > privileges (ie can view docs in question) __and__ with restricted domain
> > list
> >
> > when zope goes to show bob the content, it would fail with the inner bob
> > if he's not from the right domain and fall back on the outer bob who
> > lacks the right privileges.
> >
> > Not sure if it would do this, though: it might not bubble up to the next
> > bob. If it sounds interesting, check & see & let us know.
>
> I don't want to do this because I don't want to force the users to log in.
> I want Zope to check the domain the user comes from and either allow
> or deny access. No problem with DTML-Documents or -Methods. There I can
> query the REMOTE_HOST. But if I publish files, there is no way to run a
> script, is there?
>
> > -*-
> >
> > if this doesn't work, something more programmatic, like a SetAccessRule
> > python script in the folder in question would work. This would compare
> > the requester's domain and could raise an exception. It's not nice, clean
> > declaration security like above, but, hey, it would get the job done.
>
> Ok, I could write such a script, but how do I run the script when the
> user accesses the contents of the folder? Let's say the user directly
> calls http://mydomain/myfolder/myfile.pdf.
>
> > -*-
> >
> > btw: if you're using a different webserver (eg apache) as the front end,
> > you might not be getting the real browser IP address proxied to you; you
> > might be getting the IP address of your apache box. Search the list for
> > messages about this for workarounds.
>
> No problem, our Apache lets the REMOTE_HOST name pass.
>
> > --
> >
> > Joel BURTON  |  joel@joelburton.com  |  joelburton.com  |  aim: wjoelburton
> > Independent Knowledge Management Consultant
>
> In my view the lack of the possibility to deny/allow access to
> objects in Zope is a missing feature. You can do it easily with Apache,
> why not with Zope?
>
> Thanks,
> Marcus

-- 
Sidnei da Silva
X3ng Web Technology
sidnei@x3ng.com.br
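
The kind of check an access-rule script could make, as an added example that is not part of the original messages and is not Zope code: it decides on the client address rather than the REMOTE_HOST name, and only believes a forwarded address when the connection really comes from the front-end proxy. Assumptions: the front end appends the client address to X-Forwarded-For, the request arrives as a CGI-style environ dict, and the networks, the Forbidden exception and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]   # the Apache front end
ALLOWED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]  # "our domains"


class Forbidden(Exception):
    """Raised when the request does not come from an allowed network."""


def in_any(addr, networks):
    return any(addr in net for net in networks)


def client_address(environ):
    """Pick the address the access decision should be made on."""
    peer = ipaddress.ip_address(environ["REMOTE_ADDR"])
    forwarded = environ.get("HTTP_X_FORWARDED_FOR", "")
    # Only a known proxy may tell us who the client is; from anyone else
    # the header is client-supplied text and is ignored.
    if not forwarded or not in_any(peer, TRUSTED_PROXIES):
        return peer
    # Walk the chain from the nearest hop outwards and stop at the first
    # address that is not one of our own proxies.
    for hop in reversed(forwarded.split(",")):
        try:
            addr = ipaddress.ip_address(hop.strip())
        except ValueError:
            raise Forbidden("malformed X-Forwarded-For entry")
        if not in_any(addr, TRUSTED_PROXIES):
            return addr
    return peer


def check_access(environ):
    """Return the client address, or raise Forbidden (fail closed)."""
    addr = client_address(environ)
    if not in_any(addr, ALLOWED_NETWORKS):
        raise Forbidden("client %s is outside the allowed networks" % addr)
    return addr


if __name__ == "__main__":
    for env in (
        {"REMOTE_ADDR": "127.0.0.1", "HTTP_X_FORWARDED_FOR": "192.0.2.10"},
        {"REMOTE_ADDR": "203.0.113.5", "HTTP_X_FORWARDED_FOR": "192.0.2.10"},
    ):
        try:
            print("allow", check_access(env))
        except Forbidden as exc:
            print("deny:", exc)
```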